Toward a Rigorous Variation of Coppersmith’s Algorithm on Three Variables

  • Aurélie Bauer
  • Antoine Joux
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4515)

Abstract

In 1996, Coppersmith introduced two lattice-reduction-based techniques to find small roots of polynomial equations. One technique works for modular univariate polynomials, the other for bivariate polynomials over the integers. Since then, these methods have been used in a huge variety of cryptanalytic applications. Some applications also use extensions of Coppersmith’s techniques to more variables. However, these extensions are heuristic methods. In the present paper, we present and analyze a new variation of Coppersmith’s algorithm on three variables over the integers. We also study the applicability of our method to short RSA exponent attacks. In addition to lattice reduction techniques, our method also uses Gröbner basis computations. Moreover, at least in principle, it can be generalized to four or more variables.

Keywords

  • Lattice reduction
  • Coppersmith’s algorithms
  • Gröbner basis

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Aurélie Bauer (2)
  • Antoine Joux (1, 2)

  1. DGA
  2. Laboratoire PRISM, Université de Versailles Saint-Quentin-en-Yvelines, Versailles cedex, France